---
tags: Kubernetes, NFVI
---
# Kubernetes Secrets
## Introduction
In this demo we create one secret and use it through a volume; the secret is stored in the etcd database in K8s.
1. Imagine that you are deploying a containerized application in K8s, and the configuration of this app contains sensitive data such as usernames and passwords.
2. It is strongly advisable not to put this data in plain text in the manifest file.
### What secrets are in K8s and how to create and use them
Concept: secrets can be created in 2 ways.
1. Using kubectl
2. Manually, with manifest files.
### Ways to consume secrets.
Once the secrets are created, they can be injected into the pods in two ways.
1. as Volumes
2. as Environment Variables
## Secrets
1. A Kubernetes object for handling a small amount of sensitive data, e.g. tokens, passwords or a key.
2. The main purpose of a secret is to reduce the risk of accidental exposure of confidential information.
3. Secrets are created outside the pods and containers.
4. Once created, a secret can be used in any pod, any number of times.
5. Secrets are stored inside the etcd database on the K8s master.
6. The maximum size of a secret is 1MB.
7. With some other tools, secrets are broadcast to every node. The beauty of Kubernetes secrets is that they are not broadcast to all nodes: a secret is sent only to the specific targeted node where we want to use it.
# Demo
For the demo we create one secret file, "secret-file.yaml", and store the secrets "username" and "password" in it.
In the given code we use username=admin and password=admin.
Encoding the password using this command:
**YWRtaW4= is the encoded form of admin.**

Decoding the password using this command:

## Option A: data as a username and password
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: mosquitto-secret-file
type: Opaque
# Values under data must be base64-encoded.
data:
  username: YWRtaW4=
  password: YWRtaW4=
```
## Option B: data as a token in the secret file
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: mosquitto-secret-file
type: Opaque
data:
  # The key becomes the file name when the secret is mounted as a volume.
  secret.file: |
    c29tZXN1cGVyc2VjcmV0IGZpbGUgY29udGVudHMgbm9ib2R5IHNob3VsZCBzZWU=
```
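
The encoding and decoding steps above, as an added example that is not part of the original page: it encodes values for the `data:` section without the trailing newline a plain `echo` would add, decodes the values used in Options A and B, and prints an Option A style manifest. The function names are hypothetical, and a `base64` utility that accepts `-d` is assumed.

```shell
#!/bin/sh
# Added example: base64 helpers for the Secret manifests on this page.
# Assumes a base64 utility that accepts -d (GNU coreutils, BusyBox).

# Encode a value for the data: section of a Secret.
# printf '%s' avoids the trailing newline that a plain echo appends:
# "echo admin | base64" gives YWRtaW4K, which decodes to "admin\n".
b64_encode() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a value copied from a Secret manifest. base64 is an encoding,
# not encryption: anyone who can read the manifest can run this.
b64_decode() {
    printf '%s' "$1" | base64 -d
}

# Succeed if the decoded value ends in a newline (the echo pitfall).
has_trailing_newline() {
    last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
    [ "$last" = "0a" ]
}

# Print a Secret manifest shaped like Option A.
# The default name is the one used on this page.
make_secret_manifest() {
    user=$1
    pass=$2
    name=${3:-mosquitto-secret-file}
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
type: Opaque
data:
  username: $(b64_encode "$user")
  password: $(b64_encode "$pass")
EOF
}

# Demo with the page's own values.
make_secret_manifest admin admin
b64_decode "c29tZXN1cGVyc2VjcmV0IGZpbGUgY29udGVudHMgbm9ib2R5IHNob3VsZCBzZWU="; echo
has_trailing_newline "YWRtaW4K" && echo "YWRtaW4K carries a trailing newline"
```

Because the values decode this easily, a manifest holding real credentials needs the same handling as the plain-text credentials themselves.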
## Create the Mosquitto pod using the secret
The `volumeMounts` and `volumes` attributes in the spec are used to make the secret available in the pod.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mosquitto
  labels:
    app: mosquitto
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mosquitto
  template:
    metadata:
      labels:
        app: mosquitto
    spec:
      containers:
        - name: mosquitto
          image: eclipse-mosquitto:1.6.2
          ports:
            - containerPort: 1883
          # Mount the secret volume read-only inside the container.
          volumeMounts:
            - name: mosquitto-secret
              mountPath: /mosquitto/secret
              readOnly: true
      # Volume backed by the Secret created from secret-file.yaml.
      volumes:
        - name: mosquitto-secret
          secret:
            secretName: mosquitto-secret-file
```
## Create the secret and the Mosquitto pod (1: secret, 2: Mosquitto pod)
```bash
kubectl apply -f secret-file.yaml
kubectl apply -f mosquitto.yaml
```
Check inside the container: you can find the secret folder or file there, as shown in the screenshot.
